Teampass 跨站脚本漏洞

TeamPass is an open source password manager from the individual developer NILS LAUMAILLÉ Nils Laumaillé. A security vulnerability exists in Teampass 2.1.26, which can be exploited by an attacker via index.php PATHINFO...

Tautulli 2.1.26 Cross Site Scripting

Tautulli https://tautulli.com/ is a Python based monitoring and tracking tool for Plex Media Server. We discovered that an authenticated Plex Media Server user could change their Plex username to include JavaScript and Tautulli would fail to sanitize the username so that when the Plex Media Serve...

Mailman Cross-Site Scripting Vulnerability

Mailman is a set of shareware developed in the Python language that allows you to manage mailing lists.Web UI is one of the web management interfaces. A cross-site scripting vulnerability exists in the Web UI of Mailman versions prior to 2.1.26. A remote attacker can exploit this vulnerability to...

TeamPass Passwords Management System 2.1.26 File Download

ADVISORY INFORMATION ======================================== Title: TeamPass Passwords Management System via Unauth File Download and Arbitrary File Download Application: TeamPass Passwords Management System Class: Sensitive Information disclosure Remotely Exploitable: Yes Versions Affected:...

TeamPass Passwords Management System 2.1.26 - Arbitrary File Download

TeamPass Passwords Management System 2.1.26 - Arbitrary File Download 1. ADVISORY INFORMATION ======================================== Title: TeamPass Passwords Management System via Unauth File Download and Arbitrary File Download Application: TeamPass Passwords Management System Class: Sensitiv...

TeamPass SQL Injection Vulnerability

TeamPass is a dedicated password manager for Apache, MySQL and PHP. A SQL injection vulnerability exists in TeamPass versions 2.1.26, 2.1.25, and 2.1.24, which stems from the program failing to properly filter user-submitted input when constructing SQL query statements. An attacker could use this...